0919ELSEADM Documentation for Administrators
(WikiPage)
The Official X-Itools ELSE 0.9.19 Administrator's HOWTO
Edited by Nicolas HAHN <hahnn@x-itools.com> / <hahnn@erios.org>

This page for version: 0.9.16

Table of Contents
- Introduction
- Requirements
- The big picture
- Administrator's tasks
Last updated: 2015-02-26
0919ELSEADM Introduction
(WikiPage)
This HOWTO is not aimed at system administrators. It does not cover the installation and configuration of the ELSE or of its dependencies.
Last updated: 2015-02-25
0916ELSEADM Documentation for Administrators
(WikiPage)
The Official X-Itools ELSE 0.9.16 Administrator's HOWTO
Edited by Nicolas HAHN <hahnn@x-itools.com> / <hahnn@erios.org>

This page for version: 0.9.19

Table of Contents
- Introduction
- TO BE CONTINUED

Database
Database Schema
Last updated: 2015-02-25
0919ELSEADM Requirements
(WikiPage)
Requirements

As an ELSE administrator, you must have read The Official X-Itools ELSE 0.9.19 User's HOWTO before reading this one. To get the best experience with the ELSE, it is strongly recommended to follow the technical and security requirements below.

Technical requirements

The minimum technical requirements for using the ELSE on a user workstation are:
- 3 GHz dual-core CPU
- 4 Gb RAM
- HD screen with a resolution of 1920x1200: below this resolution, the Web User Interface cannot be displayed entirely
- Firefox or Chrome web browser: the ELSE Web User Interface is known to work well with those browsers, Firefox being the faster of the two. Use of Internet Explorer is not recommended.
- Network card with a high bandwidth of 1 Gbits/s

Security requirements

The minimum security requirements to check when using the ELSE on a user workstation are:
- You MUST check that the ELSE uses HTTPS when you access its web site. NEVER, NEVER use the ELSE if you see that the service is provided via HTTP. Because the ELSE can be seen as (and is) very intrusive in the emails it processes, the information it handles is very sensitive. Data related to email contents must not be manipulated if the ELSE is running on a web server that does not encrypt communication using HTTPS.
- If you have to leave your workstation, even for just 2 minutes, lock it.

User's skills

As an ELSE administrator, you need a solid background in messaging services, messaging protocols (SMTP, IMAP4, ...) and, more generally, in systems, networks and security. Extended knowledge, in particular of firewalls, Postfix, Postfix Policy Servers, Microsoft Exchange Server, DNS, SNMP, RSYSLOG, RSYSLOG Windows Agent, PostgreSQL databases, scripting, Apache HTTPD, PHP, JavaScript and so on, is of course a must-have. Finally, some internet-related RFCs should hold no secrets for you, such as RFC821, RFC822, RFC4408, ...
Last updated: 2015-02-25
0919ELSEADM Big pictures
(WikiPage)
The big picture

To start, it is important to understand how the ELSE runs and how all its components are integrated together. This section discusses two big pictures: one for a standalone, single Linux server where everything is installed (suitable for very small or home installations), and one for a distributed ELSE environment spread over several servers with dedicated roles.

The one and only one

Here, we consider that all the components making up an ELSE system are installed on a single Linux server (meaning that the Windows system for the Exchange server is installed on a VM running on the Linux host). For example, this is how the ELSE Virtual Machine, made for demonstration purposes, is designed.

[Figure: Big picture: all in one ELSE integrated environment]

Does it seem complicated? Not really. Here is an explanation in simple steps:
1. Whether they come from a Microsoft Exchange Server or a Postfix server, the logs produced are sent to Rsyslog: via the Rsyslog Windows Agent for Exchange, and to the local Rsyslog daemon for Postfix.
2. If you have Exchange servers, the Rsyslog Windows Agent sends the logs to the Rsyslog daemon using the RELP protocol.
3. In addition, it is possible to deploy the GreyLSE Postfix Policy Server: Postfix can send it requests for operations like SPF checks, whitelisting, greylisting, blacklisting, ...
4. Rsyslog filters the logs and sends them in real time to the PostgreSQL database, using parallel connections to handle extremely huge loads.
5. The PostgreSQL database performs its processing job on every received log line.
6. Then, ELSE users or administrators use the ELSE WUI (Web User Interface) for all operations (log search, control of the GreyLSE Postfix Policy Server daemon, ...).

So, in its simplest expression, the ELSE environment can be described like this if you have no Exchange servers and do not use a Postfix Policy Server like the GreyLSE:

[Figure: Big picture: the most basic ELSE environment]

We are legion

Here, we suppose the ELSE environment is that of an ISP. We have several servers, each of them providing a specific functionality or service.

[Figure: Big picture: a distributed ELSE integrated environment]

In this architecture, we can have a lot of Postfix and/or Exchange servers, as virtual machines for example. There is a dedicated anti-virus/anti-spam server (or several of them). The ELSE system is installed on three servers: the ELSE backend, the ELSE frontend and a dedicated GreyLSE instance. The GreyLSE instance can also be installed on the ELSE backend to maximize database throughput performance.

All logs generated by the messaging servers are sent to the ELSE backend via Rsyslog RELP. The Rsyslog installed on the backend then sends the logs to the PostgreSQL database using several database connections to maximize throughput.

In this kind of configuration the ELSE backend, which is the heart of the system, is a huge physical server (in terms of RAM, CPU cores and I/O), able to process several million e-mails every day. It is highly scalable in that additional Postfix servers, anti-virus/anti-spam servers (Amavis for instance), GreyLSE servers and front-end servers can be added to absorb the load. Database scalability is achieved by adding more CPU cores to the backend server, and by ensuring there is no I/O bottleneck.
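The log path described in the big picture above (RELP reception on the backend Rsyslog, filtering, then PostgreSQL output over several connections) can be sketched as the following backend configuration. This is an added example, not part of the ELSE documentation or of the ELSE project's own configuration; it assumes a recent rsyslog v8 with the imrelp and ompgsql modules installed, and the port, server address, database name, credentials and queue sizes are all placeholders.

```conf
# Added sketch of a backend rsyslog configuration (rsyslog v8 syntax).
# Every host, port, database name and credential below is a placeholder.

# Receive logs forwarded over RELP by the Rsyslog Windows Agent
# (Exchange) and by remote Postfix hosts.
module(load="imrelp")
input(type="imrelp" port="2514")

# PostgreSQL output module shipped with rsyslog.
module(load="ompgsql")

# Filter: only messages of the "mail" syslog facility are written to
# the database; everything else follows the rest of the rule set.
#
# No template is given, so rsyslog's stock SQL template is used.
# The ELSE's own table layout is not described on this page.
#
# The action gets a dedicated in-memory queue so that database latency
# does not block log reception. Up to 4 worker threads drain that queue
# in parallel, each with its own database connection; an extra worker
# is started for every 5000 messages waiting in the queue.
if ($syslogfacility-text == "mail") then {
    action(
        type="ompgsql"
        server="127.0.0.1"
        db="PLACEHOLDER_DB"
        user="PLACEHOLDER_USER"
        pass="PLACEHOLDER_PASSWORD"
        queue.type="LinkedList"
        queue.size="100000"
        queue.workerThreads="4"
        queue.workerThreadMinimumMessages="5000"
    )
}
```

Since the action carries database credentials, the file holding it should be readable by root only. `rsyslogd -N1 -f <file>` checks the syntax without starting the daemon.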
Last updated: 2015-03-08
0919ELSEADM Admin tasks
(WikiPage)
Administrator's required skills

An ELSE administrator must be an SMTP administrator/architect or a messaging administrator/architect, and can be a system administrator/architect. Here we list most of the knowledge areas that an ELSE administrator should be able to demonstrate.

Must-have skills

An ELSE administrator must be able:
- to perfectly understand the messaging infrastructure in which the ELSE system is installed
- to perfectly understand the messaging protocols, like SMTP. For example, you must be able to generate an SMTP session by hand via telnet on an SMTP server.
- to perfectly understand the way some core internet services must be configured for messaging services. In particular, you must have a perfect knowledge of DNS and of some dedicated records like the A, PTR, MX, TXT and SPF ones
- to refer to internet RFCs dealing with messaging standards
- to show evidence of knowledge of messaging threats
- to support the other ELSE administrators and users
- to support, even pilot, the messaging administrators/architects

Should-have skills

An ELSE administrator should be able:
- to demonstrate good knowledge of GNU/Linux, generally speaking
- to demonstrate good knowledge of Postfix and understand its configuration directives
- to demonstrate good knowledge of Exchange Server logging
- to demonstrate good knowledge of Rsyslog and understand its configuration directives
- to demonstrate good knowledge of the PostgreSQL database, as an administrator and as a user
- to demonstrate good knowledge of security areas, in particular firewall rules and policies, and iptables

Nice to have skills

The following is considered a plus for an ELSE administrator:
- knowledge of Microsoft Windows
- knowledge of Postgrey
- knowledge of Apache HTTPD
- knowledge of PHP >=5.3
- knowledge of the ExtJS >=4.1.3 framework
- knowledge of JavaScript

Administrator's tasks

As an ELSE administrator, you will have to perform the main tasks below:
- configure the Rsyslog daemon of the ELSE backend server to distribute the load on the ELSE database
- configure new Postfix servers, GreyLSE servers, GreyLSE clients and Exchange servers in the ELSE WUI
- manage ELSE groups and ELSE users, with their permissions, in the ELSE WUI
- provide a higher level of support to the other ELSE users and, more generally, solve any issue related to the messaging services
- work together with the system administrators when they install new Postfix servers to be integrated in the ELSE environment
- work together with the DNS administrators when you have to submit change requests about DNS records to them
- and, basically, perform any task described in The Official X-Itools ELSE 0.9.19 User's HOWTO
Last updated: 2015-03-05